Amelith's work laptop environment

Status
Not open for further replies.

Amelith Nargothrond

This is another environment (different than my previous one), which I use exclusively with my work laptop.
  • Windows is configured to (always) use a VPN (except when at the office). Could be either my pfSense box from my office rack (that uses OpenDNS with custom config), or the ones my clients are running.
  • Because of the nature of the laptop (take it around from one client to another), I'm running everything inside a VM or inside a sandbox (Sandboxie).
  • I also have to constantly integrate with or switch to different environments, so any other security apps will slow me down, but I'm not using (by default) a user with admin privileges.
  • I'm backing up Macrium images on my office NAS (which is also being backed up elsewhere).
  • Both hard drives are encrypted (Bitlocker).
  • Authentication on the laptop is done with a Yubikey.

I am not using the laptop for malware testing; this is what I use at the office, to connect to clients and their networks (on-premise or remotely).
 

Amelith Nargothrond

Is Zemana your temporary surrogate solution?
@Amelith Nargothrond With your knowledge, using RT AVs is like an adult playing with a toy. Go for better solutions than AVs.

I don't rely on AVs, Avira or Zemana... Zemana was just a pick from the bunch because you guys are using it heavily and because it's lighter than Avira. On that laptop, I run many things in Sandboxie anyway (or directly in a VM if I smell something funny), not playing with it, not testing malware, strictly sticking to the "guidelines", not browsing anything outside business stuff...
Thinking about it, don't particularly know why I installed Zemana at all (or any other AV for that matter), WinDefender is just fine, considering how I work with that laptop :p
The only nagging thing on it is Windows Firewall Control. Might sound dangerous, I'm not recommending this... But everything is backed up, I prefer buying HDDs for the Macrium images (to keep more backup versions) than to overprotect everything, on that laptop, I am this "lazy" :p

On my home PC, the one I use only for the "me-time", I have nothing, except Windows Defender & Firewall. I occasionally run a second opinion scanner, when I have nothing better to do. It was Combofix I used for this before I upgraded to Win10, but it's not (yet) supported for this version.

Instead of CCleaner, you could use Reboot Restore Rx. A lot of my clients lock down a config with Reboot Restore Rx and then restore to it whenever necessary. Might be easier.

I am considering it, I like the software. I tried the free version when you mentioned it in an earlier post :) Thank you!


Avira is working on it.
Asked by Webcare

Good to know, though I was a little disappointed I had to do this. Thinking of it, what if this is happening to classic HDDs? SSDs barely keep up when HDD activity skyrockets. Fortunately, I did not update and will not update my clients with Creators yet, I learned my lessons a long time ago with MS, I need to give everybody time to fix their issues with the new versions. Though I just don't understand why Avira couldn't prepare their products for Creators, in time, to avoid such critical issues. I'm sure they have access to the "Development branch".
 
Deleted member 178

- On that laptop, I run many things in Sandboxie anyway (or directly in a VM if I smell something funny), not playing with it, not testing malware, strictly sticking to the "guidelines", not browsing anything outside business stuff...
- WinDefender is just fine, considering how I work with that laptop :p
- The only nagging thing on it is Windows Firewall Control. Might sound dangerous, I'm not recommending this...
Sandboxie, properly set and used, is worth the combination of 3-4 security apps. WFC is just a WinFirewall GUI with some extended functions and optimized rules, quite nice if you don't want to bother using a tightened WF and creating rules manually.
So basically WD + Sbie + WFC is a light and secured setup. Just tweak Sbie to block internet access from other processes than the one sandboxed, to prevent keylogger leaks.
 
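An added example, not part of the thread: a small audit of the per-sandbox internet restriction suggested in the post above. It assumes Sandboxie's `Sandboxie.ini` settings `ClosedFilePath`, `ProcessGroup` and the `InternetAccessDevices` shortcut; the box names and the sample file are constructed.

```python
from collections import defaultdict

# Constructed sample, not a real configuration.
SAMPLE_INI = """\
[GlobalSettings]
[WorkBox]
Enabled=y
ProcessGroup=<InternetAccess_WorkBox>,firefox.exe
ClosedFilePath=!<InternetAccess_WorkBox>,InternetAccessDevices
[OpenBox]
ClosedFilePath=C:\\Users\\*\\Documents\\*
[OfflineBox]
ClosedFilePath=InternetAccessDevices
"""

def parse_ini(text):
    """Return {section: [(key, value), ...]}, keeping repeated keys."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current]  # register the section even if it is empty
        elif current and "=" in line:
            key, _, value = line.partition("=")
            sections[current].append((key.strip(), value.strip()))
    return sections

def internet_policy(text):
    """Map each sandbox to 'blocked', 'unrestricted' or the allowed programs."""
    result = {}
    for box, items in parse_ini(text).items():
        if box == "GlobalSettings" or box.startswith("UserSettings_"):
            continue
        groups = {}
        for key, value in items:
            if key == "ProcessGroup":
                name, _, members = value.partition(",")
                groups[name] = [m for m in members.split(",") if m]
        policy = "unrestricted"
        for key, value in items:
            if key == "ClosedFilePath" and value.endswith("InternetAccessDevices"):
                who = value.rpartition(",")[0]  # empty: applies to every program
                if not who:
                    policy = "blocked"
                elif who.startswith("!"):  # "!" means: everything except this
                    policy = groups.get(who[1:], [who[1:]])
        result[box] = policy
    return result
```

A box reported as `unrestricted` lets any program running inside it reach the network, which is the case the post recommends closing.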

McLovin

So this is a work machine that you connect to a VPN that then will connect to the office for information?
Also you said that your system is backed up to an office NAS, what software are they using to back it up elsewhere?
 

Amelith Nargothrond

So this is a work machine that you connect to a VPN that then will connect to the office for information?
Also you said that your system is backed up to an office NAS, what software are they using to back it up elsewhere?

If I'm at the office, I connect mostly to clients' VPNs to get access to their network. If not at the office and I have no reason to connect to my clients, I connect to my own VPN.
Synology has proprietary FREE server software for just about anything you could imagine. One of them is called HyperBackup and backs up data just about everywhere you want to, from another NAS to most major cloud services. Looks like this:

[Screenshot: HyperBackup]
 